CVE-2019-11709Out-of-bounds Write in Mozilla Firefox

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow12 documents7 sources
Severity
9.8CRITICALNVD
EPSS
2.6%
top 14.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+5 more
Timeline
PublishedJul 23
Latest updateMay 24

Description

Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages12 packages

CVEListV5mozilla/firefoxunspecified68
NVDmozilla/firefox< 60.8.0+1
CVEListV5mozilla/firefox_esrunspecified60.8
Ubuntumozilla/firefox< 68.0+build3-0ubuntu0.16.04.1+3
debiandebian/firefox< firefox 68.0-1 (sid)

Also affects: Debian Linux 8.0

🔴Vulnerability Details

5
GHSA
GHSA-xhg3-p7wr-4hrx: Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 602022-05-24
OSV
firefox regressions2019-07-25
OSV
CVE-2019-11709: Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 602019-07-23
OSV
thunderbird vulnerabilities2019-07-17
OSV
firefox vulnerabilities2019-07-12

📋Vendor Advisories

5
Ubuntu
Firefox regressions2019-07-25
Ubuntu
Thunderbird vulnerabilities2019-07-17
Ubuntu
Firefox vulnerabilities2019-07-12
Red Hat
Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.82019-07-10
Debian
CVE-2019-11709: firefox - Mozilla developers and community members reported memory safety bugs present in ...2019

💬Community

1
Bugzilla
CVE-2019-11709 Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.82019-07-10
CVE-2019-11709 — Out-of-bounds Write in Mozilla Firefox | cvebase